Merge branch 'develop' into patch-1

2 years ago · 6a4922e252
parent 76cfe863da cd055a61f9
commit 6a4922e252
1 changed files with 21 additions and 1 deletions
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@ -40,6 +40,12 @@ This list was initially populated using information from the following sources:
 | Adobe ColdFusion | | | | | [Adobe ColdFusion Link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | |
 | ADP | | | | | [ADP Alert Link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | |
 | AFAS Software | | | | | [AFAS Software Link](https://help.afas.nl/vraagantwoord/NL/SE/120439.htm) | | | |
+| AFHCAN Global LLC | AFHCANsuite | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
+| AFHCAN Global LLC | AFHCANServer | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
+| AFHCAN Global LLC | AFHCANcart | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
+| AFHCAN Global LLC | AFHCANweb | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
+| AFHCAN Global LLC | AFHCANmobile | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
+| AFHCAN Global LLC | AFHCANupdate | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
 | Agilysys | | | | | [Agilysys Link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | |
 | Advanced Systems Concepts (formally Jscape) | Active MFT | | Not Affected | No | [Log4J Vulnerabilty](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | 12/14/2021 |
 | Advanced Systems Concepts (formally Jscape) | MFT Server | | Not Affected | No | [Log4J Vulnerabilty](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | 12/14/2021 |
@ -69,6 +75,7 @@ This list was initially populated using information from the following sources:
 | Amazon | AWS Kinesis Data Stream | Unknown | Affected | Yes | [Update for Apache Log4j2 Issue (CVE-2021-44228)](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher) | | 12/14/2021 |
 | Amazon | OpenSearch | Unknown | Affected | Yes [(R20211203-P2)](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | |
 | Apache | ActiveMQ Artemis | All | Not Affected | Yes | [ApacheMQ - Update on CVE-2021-4428](https://activemq.apache.org/news/cve-2021-44228) | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. | | 12/21/2021 |
+| AMD | All | | Not Affected | | [AMD Advisory Link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected.  AMD is continuing its analysis. | | 12/22/2021 |
 | Apache | Camel | 3.14.1.3.11.5,3.7.7 | Affected | Yes | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)| Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | 12/13/2021 |
 | Apache | Camel Quarkus | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
 | Apache | Camel K | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
@ -98,6 +105,7 @@ This list was initially populated using information from the following sources:
 | APC by Schneider Electric | Powerchute Business Edition | v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 | Fixed | No | [https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | 12/15/2021 |
 | APC by Schneider Electric | Powerchute Network Shutdown | 4.2, 4.3, 4.4, 4.4.1 | Fixed | No | [https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | 12/15/2021 |
 | Aqua Security | | | | | [Aqua Security Google Doc](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | |
+| Arbiter Systems | All | | Not Affected | | [Arbiter Systems Advisory Link](https://www.arbiter.com/news/index.php?id=4403) | | | 12/22/2021 |
 | Arca Noae | | | | | [Arca Noae Link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | |
 | Arcserve | Arcserve Backup | All | Not Affected | No | [https://support.storagecraft.com/s/article/Log4J-Update](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | 12/14/2021 |
 | Arcserve | Arcserve Continuous Availability | All | Not Affected | No | [https://support.storagecraft.com/s/article/Log4J-Update](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | 12/14/2021 |
@ -123,7 +131,7 @@ This list was initially populated using information from the following sources:
 | Atlassian | Jira Server & Data Center | All | Not Affected | | [Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html)| This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | |
 | Attivo networks | | | | | [Attivo Networks Advisory](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | |
 | AudioCodes | | | | | [AudioCodes Link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | |
-| Autodesk | | | | | [Autodesk Article Link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | | | |
+| Autodesk | | | Under Investigation | | [Autodesk Article Link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | 12/21/2021 |
 | Automox | | | | | [Automox Blog Post](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | |
 | Autopsy | | | | | [Autopsy Link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | |
 | Auvik | | | | | [Auvik Status Link](https://status.auvik.com/incidents/58bfngkz69mj) | | | |
@ -191,6 +199,16 @@ This list was initially populated using information from the following sources:
 | BD | BD Synapsys™ Informatics Solution | | Not Affected | No | [BD Advisory Link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | 12/20/2021 |
 | BD | BD Veritor™ COVID At Home Solution Cloud | | Not Affected | No | [BD Advisory Link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | 12/20/2021 |
 | Beckman Coulter | | | Under Investigation | | [Beckman Coulter Advisory Link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | 12/20/2021 |
+| Beijer Electronics | acirro+ | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | BFI frequency inverters | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | BSD servo drives | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | CloudVPN | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | FnIO-G and M Distributed IO | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | iX Developer | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | Nexto modular PLC | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | Nexto Xpress compact controller | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | WARP Engineering Studio | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| BioMerieux | | | Under Investigation | | [BioMerieux Advisory Link](https://www.biomerieux.com/en/cybersecurity-data-privacy) | | | 12/22/2021 |
 | Bender | | | | | [Bender Link](https://www.bender.de/en/cert) | | | |
 | Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) | | | | | [Vendor Link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | |
 | BeyondTrust | Privilege Management Cloud | Unkown | Fixed | Yes | [Security Advisory – Apache Log4j2 CVE 2021-44228 (Log4Shell)](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | 2021-12-17 |
@ -243,6 +261,7 @@ This list was initially populated using information from the following sources:
 | BMC | TrueSight Operations Management | | Under Investigation | | [BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | |
 | BMC | TrueSight Orchestration | | Under Investigation | | [BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | |
 | Boston Scientific | | |Under Investigation | |[Boston Scientific Advisory Link](https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf) | | | 12/20/2021 |
+| Bosch | | | Affected | No | [Bosch Advisory Link](https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/) | | | 12/22/2021 |
 | Box | | | | | [Box Blog Post](https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228) | | | |
 | Brainworks | | | | | [Brainworks Link](https://www.brainworks.de/log4j-exploit-kerio-connect-workaround/) | | | |
 | BrightSign | | | | | [BrightSign Link](https://brightsign.atlassian.net/wiki/spaces/DOC/pages/370679198/Security+Statement+Log4J+Meltdown+and+Spectre+Vulnerabilities#SecurityStatement%3ALog4J%2CMeltdownandSpectreVulnerabilities-JavaApacheLog4j) | | | |
@ -301,6 +320,7 @@ This list was initially populated using information from the following sources:
 | Broadcom | WebPulse | | Under Investigation | | [Broadcom Support Portal](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | |
 | C4b XPHONE | | | | | [C4b XPHONE Link](https://www.c4b.com/de/news/log4j.php) | | | |
 | Camunda | | | | | [Camunda Forum Link](https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910) | | | |
+| Canary Labs | All | | Not Affected | | [Canary Labs Advisory Link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | 12/22/2021 |
 | CarbonBlack | | | | | [CarbonBlack Advisory](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | |
 | Carestream | | | Not Affected | |[Carestream Advisory Link](https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy) | | | 12/20/2021 |
 | CAS genesisWorld | | | | | [CAS genesisWorld Link](https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446) | | | |